[Pdns-users] PowerDNS Slave with DNSSEC and subdomain

Benjamin Rechsteiner benjamin.rechsteiner at abacus.ch
Wed Feb 16 16:48:08 UTC 2022

Hello List,

we use PowerDNS in a Master/Slave (Supermaster) setup with Postgresql
backend and sync the zones with AXFR.

We have two zones on the master (foobar.ch and dev.foobar.ch) now we
want to enable DNSSEC. This also works including AXFR to the slave

However, we get the following error message on the slave server (4.5.3)
during check-all-zones:

[Warning] 'dev.foobar.ch|RRSIG' in zone 'foobar.ch' is occluded by a
delegation at 'dev.foobar.ch' [Error] Following record is auth=1, run
pdnsutil rectify-zone?: dev.foobar.ch IN RRSIG DS 13 3 3600
20220224000000 20220203000000 52845 foobar.ch
Checked 16 records of 'foobar.ch', 1 errors, 1 warnings.

does anyone have an idea how we can solve the problem?




-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20220216/1973bf0e/attachment.sig>

More information about the Pdns-users mailing list